package org.italiangrid.voms.asn1;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.IetfAttrSyntax;
import org.bouncycastle.asn1.x509.Target;
import org.bouncycastle.asn1.x509.TargetInformation;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.italiangrid.voms.VOMSAttribute;
import org.italiangrid.voms.VOMSError;
import org.italiangrid.voms.VOMSGenericAttribute;
import org.italiangrid.voms.ac.impl.VOMSAttributesImpl;
import org.italiangrid.voms.ac.impl.VOMSGenericAttributeImpl;

/* loaded from: input_file:org/italiangrid/voms/asn1/VOMSACUtils.class */
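/**
 * Static helpers that extract VOMS attribute certificates (ACs) from the VOMS extension of an
 * X.509 certificate and convert them into {@link VOMSAttribute} objects.
 *
 * <p>Everything handled here is decoded from certificate content supplied by the remote party.
 * The methods in this class only parse: none of them verifies an AC signature, its validity
 * period, its targets or the issuer certificates embedded in it. The returned objects must be
 * treated as unauthenticated until a separate validation step has accepted them.
 *
 * <p>Structural problems in the input are reported as {@link IOException} (extension level) or
 * {@link VOMSError} (attribute certificate level) rather than as {@code ClassCastException},
 * {@code ArrayIndexOutOfBoundsException} or {@code NumberFormatException}.
 */
public class VOMSACUtils implements VOMSConstants {
    /** Separator between the VO name and the host in a policy authority ({@code vo://host:port}). */
    public static final String POLICY_AUTHORITY_SEP = "://";

    /**
     * Returns the raw value of the VOMS extension of a certificate.
     *
     * @param x509Certificate certificate to inspect
     * @return the value returned by {@link X509Certificate#getExtensionValue(String)} for the VOMS
     *         extension OID, or {@code null} when the certificate has no such extension
     */
    public static byte[] getVOMSExtensionFromCertificate(X509Certificate x509Certificate) {
        return x509Certificate.getExtensionValue(VOMSConstants.VOMS_EXTENSION_OID.getId());
    }

    /**
     * Decodes the attribute certificates contained in a VOMS extension value.
     *
     * <p>The value is expected to be an OCTET STRING wrapping a SEQUENCE of SEQUENCEs of attribute
     * certificates. Only the first encoded object of each level is read; trailing bytes are
     * ignored. No cryptographic check is performed on the decoded certificates.
     *
     * @param bArr extension value as returned by {@link #getVOMSExtensionFromCertificate}, may be
     *        {@code null}
     * @return the decoded attribute certificates, empty when {@code bArr} is {@code null}
     * @throws IOException if the value cannot be decoded or does not have the expected structure
     */
    public static List<AttributeCertificate> getACsFromVOMSExtension(byte[] bArr) throws IOException {
        if (bArr == null) {
            return Collections.emptyList();
        }
        // getExtensionValue() hands back the extension content wrapped in an OCTET STRING.
        Object wrapper = readFirstObject(bArr);
        if (!(wrapper instanceof ASN1OctetString)) {
            throw new IOException("VOMS extension value is not an OCTET STRING");
        }
        Object content = readFirstObject(((ASN1OctetString) wrapper).getOctets());
        if (!(content instanceof ASN1Sequence)) {
            throw new IOException("VOMS extension content is not a SEQUENCE");
        }
        List<AttributeCertificate> certificates = new ArrayList<AttributeCertificate>();
        Enumeration<?> acLists = ((ASN1Sequence) content).getObjects();
        while (acLists.hasMoreElements()) {
            Object acList = acLists.nextElement();
            if (!(acList instanceof ASN1Sequence)) {
                throw new IOException("VOMS extension contains an element that is not a SEQUENCE");
            }
            Enumeration<?> encodedAcs = ((ASN1Sequence) acList).getObjects();
            while (encodedAcs.hasMoreElements()) {
                // NOTE(review): AttributeCertificate.getInstance() reports elements it cannot
                // convert with its own unchecked exception; that behaviour is left unchanged.
                certificates.add(AttributeCertificate.getInstance(encodedAcs.nextElement()));
            }
        }
        return certificates;
    }

    /**
     * Reads the first ASN.1 object from a byte array and closes the stream in every case.
     *
     * @return the decoded object, or {@code null} when the array holds no object
     */
    private static Object readFirstObject(byte[] encoded) throws IOException {
        ASN1InputStream input = new ASN1InputStream(new ByteArrayInputStream(encoded));
        try {
            return input.readObject();
        } finally {
            input.close();
        }
    }

    /**
     * Extracts and decodes the attribute certificates carried by a certificate.
     *
     * @param x509Certificate certificate to inspect
     * @return the decoded attribute certificates, empty when there is no VOMS extension
     * @throws IOException if the extension cannot be decoded
     */
    public static List<AttributeCertificate> getACsFromCertificate(X509Certificate x509Certificate) throws IOException {
        return getACsFromVOMSExtension(getVOMSExtensionFromCertificate(x509Certificate));
    }

    /**
     * Converts the octet-string values of an FQAN attribute into strings.
     *
     * @throws VOMSError if the values are not encoded as octet strings
     */
    private static List<String> deserializeFQANs(IetfAttrSyntax ietfAttrSyntax) {
        if (ietfAttrSyntax.getValueType() != IetfAttrSyntax.VALUE_OCTETS) {
            raiseACNonConformantError("unsupported attribute values encoding.");
        }
        List<String> fqans = new ArrayList<String>();
        for (ASN1OctetString value : (ASN1OctetString[]) ietfAttrSyntax.getValues()) {
            // NOTE(review): decoded with the platform default charset, so the resulting string can
            // differ between JVMs for non-ASCII bytes; confirm the expected encoding of FQANs.
            fqans.add(new String(value.getOctets()));
        }
        return fqans;
    }

    /**
     * Returns the URI targets listed in the first Targets element of the AC target information
     * extension.
     *
     * @return the target URIs, empty when the AC has no target information extension
     * @throws VOMSError if the extension is empty, malformed or names a non-URI target
     */
    private static List<String> deserializeACTargets(X509AttributeCertificateHolder x509AttributeCertificateHolder) {
        List<String> targets = new ArrayList<String>();
        Extension extension = x509AttributeCertificateHolder.getExtension(Extension.targetInformation);
        if (extension == null) {
            return targets;
        }
        TargetInformation targetInformation = TargetInformation.getInstance(extension.getParsedValue());
        if (targetInformation.getTargetsObjects().length == 0) {
            // Reject instead of returning an empty list: "extension present but empty" must not be
            // confused with "no target restriction" by code that consumes the result.
            raiseACNonConformantError("wrong AC target extension encoding. Only URI targets are supported.");
        }
        ASN1Sequence firstTargets = requireSequence(
            targetInformation.getTargetsObjects()[0].toASN1Primitive(),
            "wrong AC target extension encoding. Only URI targets are supported.");
        Enumeration<?> encodedTargets = firstTargets.getObjects();
        while (encodedTargets.hasMoreElements()) {
            ASN1Sequence wrapper = requireSequence(
                encodedTargets.nextElement(),
                "wrong AC target extension encoding. Only URI targets are supported.");
            if (wrapper.size() == 0) {
                raiseACNonConformantError("wrong AC target extension encoding. Only URI targets are supported.");
            }
            GeneralName targetName = Target.getInstance(wrapper.getObjectAt(0)).getTargetName();
            if (targetName == null
                    || targetName.getTagNo() != GeneralName.uniformResourceIdentifier
                    || !(targetName.getName() instanceof ASN1String)) {
                raiseACNonConformantError("wrong AC target extension encoding. Only URI targets are supported.");
            }
            targets.add(((ASN1String) targetName.getName()).getString());
        }
        return targets;
    }

    /** Throws a {@link VOMSError} describing why an attribute certificate is not conformant. */
    private static void raiseACNonConformantError(String str) {
        throw new VOMSError("Non conformant VOMS Attribute certificate: " + str);
    }

    /**
     * Returns {@code candidate} as an {@link ASN1Sequence}.
     *
     * @throws VOMSError with {@code errorDetail} if {@code candidate} is not a sequence
     */
    private static ASN1Sequence requireSequence(Object candidate, String errorDetail) {
        if (!(candidate instanceof ASN1Sequence)) {
            raiseACNonConformantError(errorDetail);
        }
        return (ASN1Sequence) candidate;
    }

    /**
     * Extracts the policy authority of an FQAN attribute and checks that it has the
     * {@code vo://host:port} shape that {@link #deserializeVOMSAttributes(AttributeCertificate)}
     * splits it into.
     *
     * @return the policy authority string
     * @throws VOMSError if the policy authority is missing, is not a string-valued name, has no
     *         {@code ://} separator or has no {@code :} after the separator
     */
    private static String policyAuthoritySanityChecks(IetfAttrSyntax ietfAttrSyntax) {
        if (ietfAttrSyntax.getPolicyAuthority() == null) {
            raiseACNonConformantError("missing policy authority.");
        }
        GeneralName[] names = ietfAttrSyntax.getPolicyAuthority().getNames();
        if (names.length == 0 || !(names[0].getName() instanceof ASN1String)) {
            raiseACNonConformantError("unsupported policy authority encoding.");
        }
        String authority = ((ASN1String) names[0].getName()).getString();
        int separator = authority.indexOf(POLICY_AUTHORITY_SEP);
        int hostStart = separator + POLICY_AUTHORITY_SEP.length();
        // The port separator must come after "://"; otherwise lastIndexOf(':') finds the colon of
        // the separator itself and the later substring() calls would fail.
        if (separator < 0 || authority.lastIndexOf(':') < hostStart) {
            // The raw value is echoed in the message; code that logs it should neutralise control
            // characters first.
            raiseACNonConformantError("unsupported policy authority encoding '" + authority + "'");
        }
        return authority;
    }

    /**
     * Parses the port that follows the last {@code :} of a policy authority.
     *
     * @throws VOMSError if the port is not a decimal integer (its range is not checked here)
     */
    private static int parsePort(String authority, int portSeparator) {
        try {
            return Integer.parseInt(authority.substring(portSeparator + 1));
        } catch (NumberFormatException e) {
            throw new VOMSError(
                "Non conformant VOMS Attribute certificate: unsupported policy authority encoding '" + authority + "'", e);
        }
    }

    /**
     * Converts every attribute certificate of a list with
     * {@link #deserializeVOMSAttributes(AttributeCertificate)}.
     *
     * @param list attribute certificates, may be {@code null} or empty
     * @return one {@link VOMSAttribute} per input element, in input order; empty for a
     *         {@code null} or empty list
     * @throws VOMSError if an attribute certificate is not conformant
     */
    public static List<VOMSAttribute> deserializeVOMSAttributes(List<AttributeCertificate> list) {
        if (list == null || list.isEmpty()) {
            return Collections.emptyList();
        }
        List<VOMSAttribute> attributes = new ArrayList<VOMSAttribute>();
        for (AttributeCertificate certificate : list) {
            attributes.add(deserializeVOMSAttributes(certificate));
        }
        return attributes;
    }

    /**
     * Builds a {@link VOMSAttribute} from the content of an attribute certificate.
     *
     * <p>The fields are filled in from each FQAN attribute found; when the AC carries none, the
     * returned object has no field set. The signature bytes are copied, not verified, and the
     * validity dates and targets are copied, not evaluated.
     *
     * @param attributeCertificate attribute certificate to convert
     * @return the attributes read from the certificate
     * @throws VOMSError if the certificate is not conformant or its issuer or holder name cannot
     *         be encoded
     */
    public static VOMSAttribute deserializeVOMSAttributes(AttributeCertificate attributeCertificate) {
        VOMSAttributesImpl attributes = new VOMSAttributesImpl();
        X509AttributeCertificateHolder holder = new X509AttributeCertificateHolder(attributeCertificate);
        for (Attribute attribute : holder.getAttributes(VOMS_FQANS_OID)) {
            if (attribute.getAttributeValues().length == 0) {
                raiseACNonConformantError("unsupported attribute values encoding.");
            }
            IetfAttrSyntax syntax = IetfAttrSyntax.getInstance(
                ASN1Sequence.getInstance(attribute.getAttributeValues()[0].toASN1Primitive()));
            String authority = policyAuthoritySanityChecks(syntax);
            int separator = authority.indexOf(POLICY_AUTHORITY_SEP);
            int portSeparator = authority.lastIndexOf(":");
            attributes.setVO(authority.substring(0, separator));
            attributes.setHost(authority.substring(separator + POLICY_AUTHORITY_SEP.length(), portSeparator));
            attributes.setPort(parsePort(authority, portSeparator));
            attributes.setFQANs(deserializeFQANs(syntax));
            attributes.setNotBefore(holder.getNotBefore());
            attributes.setNotAfter(holder.getNotAfter());
            attributes.setSignature(holder.getSignature());
            attributes.setGenericAttributes(deserializeGAs(holder));
            attributes.setAACertificates(deserializeACCerts(holder));
            attributes.setTargets(deserializeACTargets(holder));
            attributes.setVOMSAC(holder);
            Object[] issuerNames = holder.getIssuer().getNames();
            Object[] holderIssuerNames = holder.getHolder().getIssuer();
            if (issuerNames == null || issuerNames.length == 0
                    || holderIssuerNames == null || holderIssuerNames.length == 0) {
                raiseACNonConformantError("missing issuer or holder name.");
            }
            try {
                attributes.setIssuer(new X500Principal(holder.getIssuer().getNames()[0].getEncoded()));
                attributes.setHolder(new X500Principal(holder.getHolder().getIssuer()[0].getEncoded()));
                attributes.setHolderSerialNumber(holder.getHolder().getSerialNumber());
            } catch (IOException e) {
                throw new VOMSError("Error parsing attribute certificate issuer  or holder name: " + e.getMessage(), e);
            }
        }
        return attributes;
    }

    /**
     * Reads the VOMS generic attributes (name, value, context triples) of an attribute
     * certificate.
     *
     * @return the generic attributes, empty when the extension is absent or its tag list is empty
     * @throws VOMSError if the extension does not have the supported structure
     */
    private static List<VOMSGenericAttribute> deserializeGAs(X509AttributeCertificateHolder x509AttributeCertificateHolder) {
        List<VOMSGenericAttribute> genericAttributes = new ArrayList<VOMSGenericAttribute>();
        Extension extension = x509AttributeCertificateHolder.getExtension(VOMS_GENERIC_ATTRS_OID);
        if (extension == null) {
            return genericAttributes;
        }
        ASN1Sequence container = requireSequence(
            extension.getParsedValue(), "unsupported generic attributes container format.");
        if (container.size() != 1) {
            raiseACNonConformantError("unsupported generic attributes container format.");
        }
        ASN1Sequence tagList = requireSequence(container.getObjectAt(0), "unsupported taglist format.");
        if (tagList.size() > 1) {
            raiseACNonConformantError("unsupported taglist format.");
        }
        if (tagList.size() == 0) {
            return genericAttributes;
        }
        ASN1Sequence tagContainer = requireSequence(tagList.getObjectAt(0), "unsupported taglist format.");
        // The tags are read from the second element, so the container needs at least two.
        if (tagContainer.size() < 2) {
            raiseACNonConformantError("unsupported taglist format.");
        }
        Enumeration<?> tags = requireSequence(tagContainer.getObjectAt(1), "unsupported taglist format.").getObjects();
        while (tags.hasMoreElements()) {
            ASN1Sequence tag = requireSequence(tags.nextElement(), "unsupported tag format.");
            if (tag.size() != 3) {
                raiseACNonConformantError("unsupported tag format.");
            }
            VOMSGenericAttributeImpl genericAttribute = new VOMSGenericAttributeImpl();
            // NOTE(review): the three strings are decoded with the platform default charset.
            genericAttribute.setName(new String(DEROctetString.getInstance(tag.getObjectAt(0)).getOctets()));
            genericAttribute.setValue(new String(DEROctetString.getInstance(tag.getObjectAt(1)).getOctets()));
            genericAttribute.setContext(new String(DEROctetString.getInstance(tag.getObjectAt(2)).getOctets()));
            genericAttributes.add(genericAttribute);
        }
        return genericAttributes;
    }

    /**
     * Decodes the certificates embedded in the VOMS certificates extension of an attribute
     * certificate.
     *
     * <p>The certificates come from the AC itself and are only decoded here; no chain building,
     * signature or validity check is applied to them.
     *
     * @return the decoded certificates in encoding order, or {@code null} when the extension is
     *         absent
     * @throws VOMSError if the extension does not have the supported structure or a certificate
     *         cannot be decoded
     */
    private static X509Certificate[] deserializeACCerts(X509AttributeCertificateHolder x509AttributeCertificateHolder) {
        List<X509Certificate> certificates = new ArrayList<X509Certificate>();
        Extension extension = x509AttributeCertificateHolder.getExtension(VOMS_CERTS_OID);
        if (extension == null) {
            return null;
        }
        ASN1Sequence container = requireSequence(extension.getParsedValue(), "unsupported accerts format.");
        if (container.size() != 1) {
            raiseACNonConformantError("unsupported accerts format.");
        }
        Enumeration<?> encodedCertificates =
            requireSequence(container.getObjectAt(0), "unsupported accerts format.").getObjects();
        // The BouncyCastle factory implementation is instantiated directly rather than obtained
        // through java.security.cert.CertificateFactory.getInstance().
        CertificateFactory certificateFactory = new CertificateFactory();
        while (encodedCertificates.hasMoreElements()) {
            Object encodedCertificate = encodedCertificates.nextElement();
            if (!(encodedCertificate instanceof DLSequence)) {
                raiseACNonConformantError("unsupported accerts format.");
            }
            try {
                certificates.add((X509Certificate) certificateFactory.engineGenerateCertificate(
                    new ASN1InputStream(((DLSequence) encodedCertificate).getEncoded())));
            } catch (IOException e) {
                throw new VOMSError("Certficate parsing error : " + e.getMessage(), e);
            } catch (CertificateEncodingException e2) {
                throw new VOMSError("Certificate encoding error: " + e2.getMessage(), e2);
            } catch (CertificateParsingException e3) {
                throw new VOMSError("Certificate parsing error: " + e3.getMessage(), e3);
            } catch (CertificateException e4) {
                throw new VOMSError("Error generating certificate from parsed data: " + e4.getMessage(), e4);
            }
        }
        return certificates.toArray(new X509Certificate[certificates.size()]);
    }

    /** Not instantiable: the class only holds static helpers. */
    private VOMSACUtils() {
    }
}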
